Security Basics mailing list archives
RE: Forensic Tool
From: "Robinson, Sonja" <Sonja.Robinson () fticonsulting com>
Date: Tue, 10 Jun 2008 17:21:42 -0400
Link file analysis. If you DO NOT know how to do this investigation forensically, call someone who does. Especially if you expect to terminate said employee. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adam Pal Sent: Tuesday, June 10, 2008 5:06 PM To: newnewguy () aol com Cc: security-basics () securityfocus com Subject: Re: Forensic Tool Hello newnewguy, (nice name *G*) Well, lets asume case a) data has been sent via email to another location, in this case you can evaluate the logs to get some info. case b) data has been copyed to another device. In this case, i would say that you can only see if a device was being attached by reading windows logs, but i`m not sure how long this information is being kept by the system. What you cannot see in case B will be what files have been copyed. Basicaly, case a could eventualy be an argument in front of the court, but assumptions as case b or others wont. The point is, a copy means reading access on original file and writing access on target file. You can eventualy see in the metadata when the last reading access ocured, but this doesnt necessarily mean that the file was copyed to external, there is a multitude of processes which can cause a reading access. I hope you can have a better perspective on the problem. I wish you good luck! -- Best regards, Adam Pal Monday, June 9, 2008, 6:56:41 PM, you wrote: <==============Original message text=============== nac> Hi, nac> I of the person in my company has downloaded very imp files nac> (Application & Data)from HR portal. nac> He has deleted the files from his machine. We need to ensure that nac> files were not copied to any other media before deletion. nac> Request you to please help on How this can be achieved. nac> Thanks! nac> New Guy <===========End of original message text===========
Current thread:
- Forensic Tool newnewguy (Jun 09)
- Re: Forensic Tool Shreyas Zare (Jun 09)
- Message not available
- Re: Forensic Tool Shreyas Zare (Jun 10)
- Message not available
- Re: Forensic Tool Shreyas Zare (Jun 09)
- Message not available
- Re: Forensic Tool Dennis Kudin (Jun 10)
- Re: Forensic Tool p1g (Jun 10)
- Re: Forensic Tool Adam Pal (Jun 10)
- RE: Forensic Tool Robinson, Sonja (Jun 10)